Different DNS server response for dhcpdiscover than for dhcpinform
John Wobus
jw354 at cornell.edu
Fri Apr 16 18:27:06 UTC 2010
Of course some sites could be depending on DHCPINFORM doing
what it is specified to do. Two design-table questions come to mind:
(1) Should there be a message similar to DHCPINFORM but which
returns the options associated with the existing lease?
(2) Are there so many cases of wrongly-implemented and misused
DHCPINFORMs that its spec should be modified to match
what is done in (some) practice, even if incompatible with the
currently-specified behavior? I.e., is it worth changing DHCP in
a non-upwardly-compatible manner?
An underlying question is whether there is any
real use for DHCPINFORM as it is currently defined.
John
On Apr 16, 2010, at 9:50 AM, Randall C Grimshaw wrote:
> It would be good for someone to bring this to the RFC design table
> because it makes it very unreliable to configure different settings.
> Because info requests only deliver the global values, over-riding
> more localized administrator settings based on the client behavior
> in making the info requests.
>
> Randy
>
> -----Original Message-----
> From: dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org [mailto:dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org
> ] On Behalf Of Glenn Satchell
> Sent: Thursday, April 15, 2010 8:55 PM
> To: Users of ISC DHCP
> Subject: Re: Different DNS server response for dhcpdiscover than for
> dhcpinform
>
>
> This is from RFC 2131
>
> 3.4 Obtaining parameters with externally configured network address
>
> If a client has obtained a network address through some other means
> (e.g., manual configuration), it may use a DHCPINFORM request
> message
> to obtain other local configuration parameters. Servers
> receiving a
> DHCPINFORM message construct a DHCPACK message with any local
> configuration parameters appropriate for the client without:
> allocating a new address, checking for an existing binding, filling
> in 'yiaddr' or including lease time parameters. The servers SHOULD
> unicast the DHCPACK reply to the address given in the 'ciaddr'
> field
> of the DHCPINFORM message.
>
> The server SHOULD check the network address in a DHCPINFORM message
> for consistency, but MUST NOT check for an existing lease. The
> server forms a DHCPACK message containing the configuration
> parameters for the requesting client and sends the DHCPACK message
> directly to the client.
>
> As I understand it the DHCPINFORM packets lack certain information
> which
> is needed to determine pool membership. In particular, because the
> server does not look up any existing lease, it is not able to see what
> information may or may not have been sent previously. So it's not a
> bug
> as such, more a design limitation of the protocol.
>
> RFC2131 is a detailed documentation of a complex protocol. Well
> worth a
> read to get a full background on the how dhcp is meant to work.
>
> regards,
> -glenn
>
> On 04/16/10 09:10, Michael Robbert wrote:
>> So, in order to work around this apparent bug I decided to move the
>> "option domain-name-servers" out of the global section of the
>> config and only configure it in each pool. Now DHCPINFORM requests
>> from clients don't result in them changing their DNS server config
>> because they don't get a DNS server answer. I'm hoping, and it
>> appears to be true, that the clients don't ever decide to blank out
>> the DNS servers because the DHCP server doesn't give them an answer.
>> I would still be curious to know if it is intentional behavior or a
>> bug that DHCPINFORM requests don't appear to result in the parsing
>> of options defined in the pools?
>>
>> Thanks,
>> Mike Robbert
>>
>> On Apr 12, 2010, at 5:46 PM, Michael Robbert wrote:
>>
>>> We are currently running ISC DHCP 3.1.3b1 and have been running
>>> the same basic config for many years now, but recently we've had
>>> some clients that appear to behave differently and I think that
>>> I've tracked it down to what appears to be a known bug in the way
>>> the server responds to DHCPINFORM packets. There have been list
>>> discussions about this in the past and a workaround for one users
>>> situation was posted, but our situation is a little different and
>>> I'd like to know if this bug is supposed to be fixed or if anybody
>>> can suggest a different config that will work for us.
>>> Our setup is that we send most of our clients to our two main DNS
>>> servers, but on a few subnets if the client MAC address is not
>>> registered with us (unknown to DHCP) we want to send them to a
>>> registration portal page so we give them a different DNS server
>>> that will direct them to our "captive portal". The problem is that
>>> we've found some clients appear to be occasionally sending
>>> DHCPINFORM packets at some point and are getting the public DNS
>>> servers so they are not getting redirected. Here is what I think
>>> are the relevant parts of our config:
>>>
>>> option domain-name "Mines.EDU";
>>> option domain-name-servers magma.Mines.EDU, ns1.Mines.EDU;
>>> default-lease-time 7200;
>>> max-lease-time 21600;
>>> option broadcast-address 255.255.255.255;
>>>
>>> authoritative;
>>>
>>> #Main Campus subnet
>>> subnet 138.67.0.0 netmask 255.255.192.0 {
>>> option broadcast-address 138.67.63.255;
>>> option subnet-mask 255.255.192.0;
>>> #known clients
>>> pool {
>>> failover peer "magma-massive";
>>> deny dynamic bootp clients;
>>> range 138.67.20.10 138.67.20.250;
>>> range 138.67.11.10 138.67.11.250;
>>> option routers 138.67.1.1;
>>> deny unknown clients;
>>> }
>>> #unknown clients
>>> pool {
>>> failover peer "magma-massive";
>>> deny dynamic bootp clients;
>>> range 138.67.13.10 138.67.13.240;
>>> range 138.67.10.10 138.67.10.240;
>>> option domain-name-servers slag.Mines.EDU;
>>> option routers 138.67.1.63;
>>> allow unknown clients;
>>> deny known clients;
>>> }
>>> }
>>>
>>> ...
>>> Many other subnets
>>> ...
>>> include "/home/dhcpd/dhcp.registered";
>>>
>>> Thanks in advance for any help!
>>>
>>> Mike Robbert
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
More information about the dhcp-users
mailing list